
Re: e2fsprogs 1.43.3



On Tue, Sep 06, 2016 at 08:10:13PM +0200, Gunter Königsmann wrote:
> e4crypt is for the ext4 filesystem's encryption feature only. But
> there are ways to use encryption over a loopback device and there is
> encfs. Don't know if f2fs has its own encryption mechanism.

The code to support the ext4 encryption feature has, in the latest kernel,
been moved to fs/crypto and is also used by f2fs.  So in theory
e4crypt could be usable for f2fs.  However, in practice there will be
some issues regarding the naming of the keys in the keyring, which are
different, so it probably doesn't work out of the box.

The important caveat I have to give is that the primary initial target
of the ext4 encryption code was for the Android N release.  See:

https://security.googleblog.com/2016/09/keeping-android-safe-security.html

for more details.  The e4crypt program is just good enough for us to
run automated regression tests, and for experts to use it.  However,
there are a *huge* number of rough edges that need to be cleaned up
before I could recommend it for use by "civilians" in a desktop
environment.

I have actually been chatting with some folks at Ubuntu who are
interested in doing the distro integration work (mostly so they can
replace/deprecate ecryptfs), but that work hasn't been done yet.
(This is also not a commitment from Ubuntu that the work will appear
in any particular release.)  But hopefully at some point there will be
support for single-sign on, cleaner support for using ext4 encryption
on thumb drives, support for encrypted backups (and, more importantly,
the ability to restore the encrypted backups :-), and so on and so
forth.

But I'm not sure I can recommend the use of e4crypt and ext4
encryption (or f2fs encryption for that matter), since we could take a
lot of shortcuts given that I knew the overall user experience was in
the hands of the Android development team, and they could much more
tightly constrain the use cases that would be supported than would be
realistic in a general purpose desktop system.

> I am not sure if backports is the right list for any of these questions, though.

Indeed, probably not.  Feel free to follow up on the linux-ext4
mailing list on vger.kernel.org.

Cheers,

					 - Ted